Is the password needed every time you use the device, or just when you add the device to a wallet (nunchuk)?

I’m trying to understand exactly how and when the password protects from unauthorized use. From the article, it seems like the password would be requested if someone grabbed the device and tried to use their phone to set up a wallet. But the owner would only need to use the password once to add the key to a wallet, and thereafter, the key would not be necessary with that specific phone or Nunchuck account. Is this correct?

The website could use a thorough FAQ section, just my 2 sats